Information Resource Stewardship A suggested approach for managing the critical information assets of the organization.


Information Resource Stewardship Is…
A business framework in which all information resources (i.e., data, applications and technology) are managed intentionally and carefully, similarly to other critical business resources.

Information Resource Stewardship Arises…
Out of a strategic vision for MSU’s enterprise business systems, that they should:
- Make data accessible and useful for work;
- Provide trust (security, compliance, consistency and integrity);
- Be available, robust and support business continuity;
- Have a coherent and consistent overall design and framework;
- Streamline and automate business processes.

Objectives for Information Resource Stewardship
- Protect, maintain and secure the quality and integrity of the institution’s data
- Promote adherence to common standards that ensure consistency and accuracy
- Foster technological designs and implementations that support process integration
- Provide information required to make informed business decisions, at all levels of the institution
- Provide access to the right data by the right people at the right time

These objectives are brought together to form “The Framework” for institutional Information Resource Stewardship at MSU

“The Framework” for Institutional Information Resource Stewardship 1. Data coherence Data models Data definitions Data security and confidentiality policy Data security and confidentiality (data access) practices Network security Host system security Application and database security Physical security 2. System integration Middleware design, policies and practices Integration architecture 3. Data security and confidentiality 5. Business rules coherence 4. Records management Records management policies: paper and electronic Workflow design, policies and practices Document imaging practices Systems of record Functional data stewardship responsibility assignment 6. Data usability and business value to the user (e.g., business intelligence, analytics, decision support) Data integrity Work process security

Data Coherence: Assuring the consistency, integrity and “auditability” of institutional data by adhering to best practice principles of database and system design with regard to data modeling; creating and maintaining institutional “meta-data” dictionaries and repositories; understanding and establishing formal “systems of record”; recognizing and establishing functional roles for data stewardship.

System Integration: Making data that are shared across the institution available where and when they are needed. This involves a functional understanding of the processes that require and use the data, and the articulation of the proper technical infrastructure (i.e., “middleware”) that best supports them.

Data Security and Confidentiality: Developing and maintaining not only access policies and best practice standards for access, but the physical and logical security systems and platforms to ensure the safety, viability and coherence of data, and to satisfy legal and regulatory requirements.

Records Management: Maintaining required information as records (digitally or on paper) over time. This involves the proper maintenance and disposition of information (records) having permanent (or long term) historical, legal, administrative or fiscal significance, and includes institutional standards for document “imaging”.

Business Rules Coherence: Developing and maintaining the policies, practices, and procedures to create, update and use data in consistent ways.

Data Usability and Business Value to the User: Ensuring that data are useful to people for the effective and efficient conduct of business; that data vital to useful analysis and decision support are available, robust and understandable.

Identity Management is an excellent example of why Information Resource Stewardship is critical.

Juxtaposition of Process and Data
- More often than not, processes exist “vertically” in an organization (as much as we try to tear down “silos”, they certainly exist and arise naturally)
- Data, however, cut across processes
- This “orthogonality” must be managed carefully. The “Framework” identifies the components that are essential to this management

Juxtaposition of Process and Data (Identity Management is a PERFECT example)
Processes where identifying a person consistently is important (using Students, and a few typical Student Processes):
- Student Enrollment & Registration
- Student Employment
- Student Payroll
- Student IDs
- Housing
Identity Characteristics (NAME, DOB, PID, SSN, etc.) cut across ALL of these processes (and certainly others)

Problems Result When…
This shared nature of data across processes is not recognized or managed. Think of the problems that arise when:
- The same student has multiple PIDs (duplicates)
- The same student has different names in different systems
- The same student has different SSNs in different systems
- There are inconsistent definitions for these critical pieces of identity data
- There are different rules (in each system) for updating one of these critical pieces of identity data
- The pieces exist in multiple places (but are needed by one system)

How Could the Framework Help?
Data coherence:
- Consistent definitions for each identity component
- Identification of a single source system of record for each component; where is each component (e.g., name, DOB, etc.) added, maintained, and retrieved?
System integration:
- Developing the proper technical platform for keeping core identity information (that may be maintained elsewhere), and making it available where needed and when needed (at the first possible instance? When appropriate?)
- Identification and linking of data from systems of record

How Could the Framework Help? (cont’d)
Data Security & Confidentiality:
- Much of the core identity data are sensitive and/or confidential
- What should the access and update rules be that preserve this confidentiality, but promote the effectiveness and needed efficiencies of business processes?
- How do we keep the data safe from intrusion?
Records Management:
- Where and how do we store our copies of these data?
- For how long should we retain these records, and in what form?

How Could the Framework Help? (cont’d)
Business Rules Coherence:
- Development of rules for maintaining core identity data, as well as identification of where this updating will take place and when it will take place (What type of “physical” evidence is needed for proving identity? Under what conditions, for example, do we accept a name change? How do we verify a death?)
- These rules apply institution-wide, are documented and widely communicated
Data Usability:
- Centralized identity management will ensure consistency of results (e.g., issuance of a single net ID per person)
- The integrity of core identity attributes is maintained and assured in each of the processes